Marco De Donno · Marco De Donno · Marco De Donno · Marco De Donno · a33795fe · a33795fe
--- a/views/adm/__init__.py
+++ b/views/adm/__init__.py
@@ -6,7 +6,7 @@ from flask import jsonify, session, redirect, url_for

 import config

-from version import __version__, __branch__, __commit__, __commiturl__, __treeurl__
+import version

 import utils

@@ -20,7 +20,7 @@ def ping():
    return "pong"

 @adm_view.route( "/version" )
-def version():
+def route_version():
    """
        Function to report the version of the web app. The version.py file is
        re-generated by the CI/CD for production.
@@ -28,11 +28,11 @@ def version():
    try:
        return jsonify( {
            "error": False,
-            "version": __version__,
-            "branch": __branch__,
-            "commit": __commit__,
-            "commiturl": __commiturl__,
-            "treeurl": __treeurl__
+            "version": version.__version__,
+            "branch": version.__branch__,
+            "commit": version.__commit__,
+            "commiturl": version.__commiturl__,
+            "treeurl": version.__treeurl__
        } )

    except:

--- a/views/login/__init__.py
+++ b/views/login/__init__.py
@@ -204,8 +204,9 @@ def do_login():
            
            # Check for outdated password and update it in the database if needed
            _, _, salt, iterations, _ = user[ "password" ].split( "$" )
+            iterations = int( iterations )
            
-            if iterations != config.PASSWORD_NB_ITERATIONS or salt.len() != config.PASSWORD_SALT_LENGTH:
+            if iterations != config.PASSWORD_NB_ITERATIONS or len( salt ) != config.PASSWORD_SALT_LENGTH:
                new_password = utils.hash.pbkdf2(
                    form_password,
                    utils.rand.random_data( config.PASSWORD_SALT_LENGTH ),
@@ -748,7 +749,7 @@ def do_password_reset_thread( email, localapp ):
        return False

    else:
-        users = config.db.query_fetchall( "SELECT id, username, email FROM users" )
+        users = config.db.query_fetchall( "SELECT id, username, email FROM users ORDER BY username ASC" )
        
        found = []
        
@@ -759,6 +760,22 @@ def do_password_reset_thread( email, localapp ):
                continue
            
            elif utils.hash.pbkdf2( email ).verify( user[ "email" ] ):
+                # Check outdated email hash
+                _, _, salt, iterations, _ = user[ "email" ].split( "$" )
+                iterations = int( iterations )
+                
+                if iterations != config.EMAIL_NB_ITERATIONS or len( salt ) != config.EMAIL_SALT_LENGTH:
+                    new_email_hash = utils.hash.pbkdf2(
+                        email,
+                        utils.rand.random_data( config.EMAIL_SALT_LENGTH ),
+                        config.EMAIL_NB_ITERATIONS
+                    ).hash()
+                    
+                    config.db.query( "UPDATE users SET email = %s WHERE id = %s", ( new_email_hash, user[ "id" ] ) )
+                    config.db.commit()
+                
+                ####################################################################
+                
                user_id = hashlib.sha512( utils.rand.random_data( 100 ) ).hexdigest()
                
                ####################################################################

--- a/views/login/templates/login/login.html
+++ b/views/login/templates/login/login.html
@@ -364,7 +364,7 @@
        
        /* Get the version of ICNML */
        $.ajax( {
-            url: "{{ url_for( 'adm.version' ) }}",
+            url: "{{ url_for( 'adm.route_version' ) }}",
            dataType: "json",
            method: "GET",
            success: function( data ){